Rev cgi question
Robert Sneidar
slylabs13 at mac.com
Wed Apr 2 14:02:37 EDT 2008
Hi Richard.

The OS X servers use ACLs (Access Control Lists) now. If there is an
ACL entry which applies to the particular user that is accessing the
file or folder, then the ACL supersedes the POSIX permissions you are
trying to set. The server first looks at the ACL entries in order. If
the user matches any of the ACLs that are set, that user gets that
ACL permission, and the whole process stops at that point.

If the user falls all the way through the ACLs without hitting on
one, THEN and ONLY THEN do the POSIX permissions come into play. The
only way to manage the ACL permissions is if you use the Server Admin
utility.

The best solution is to allow all users read/write ACL access to the
root directory, and then (assuming the server is set up to have ACLs
inherit down to the children) any new files created will possess the
same ACLs that the parent folder has, and POSIX will not even come
into play.

Now if you can access a folder after setting the POSIX permissions,
but cannot access new files created in that folder, that is because
POSIX inheritance does not work the way you think it would, or the way
it should, given the nature of file servers. With POSIX, the creator
of the folder or file becomes the Owner with read/write permissions.
The parent's Group has read only (regardless of what the parent's
group's permissions were) and the Everyone gets read only.

If you still have problems after that, I would talk to the server
admin and make sure he has set the ACLs to inherit from the parent.
It's something you set at the root VOLUME (not the share) while
sharing is off.

One more note, are you using AFP or SMB to log into the server? I
believe SMB has its own permission inheritance settings. I ALWAYS set
mine to have children inherit the parent. Otherwise you spend a LOT of
time cleaning up other people's new folder and file permissions.

Sorry for the long blurb.

Bob Sneidar
IT Manager
Logos Management
Calvary Chapel CM
On Apr 2, 2008, at 9:01 AM, Richard Miller wrote:
> Not quite solved yet.
>
> I believe this issue has been talked about before, but the answer is
> not clear to me.
>
> If I change the file attributes of a particular folder to "777" from
> within my ftp program, my Rev cgi script can then go ahead and
> delete it using Delete File and Delete folder commands. But if I
> then use a Rev program to put a new folder on the server (via ftp)
> in the same place as this last one, I can't delete it (unless I
> manually change it to 777). There must be some setting on the server
> itself... probably in the Ownership & Permissions area... to
> configure any new folders placed there so they can be deleted by
> Rev... but I can't sort out how to do this. This Ownership/
> Permissions area is completely foreign to me.
>
> Help would be much appreciated.
>
> Thanks.
> Richard
>
>
>
> On Apr 2, 2008, at 8:53 AM, Richard Miller wrote:
>
>> I sorted it out. It was an Ownership & Permission OSX setting.
>> Can someone provide guidance on the correct way to set those
>> settings for unrestricted Rev cgi access, while still retaining
>> server security? Or is the security issue on a Mac (running its
>> native server app) not an issue, regardless of these settings?
>>
>> Thanks.
>> Richard
>>
>>
>> On Apr 2, 2008, at 8:41 AM, Richard Miller wrote:
>>
>>> There's something else going on. I wish it was just spelling, but
>>> it's not. It's probably particular to OSX.
>>>
>>> I tried the following:
>>>
>>> set the defaultfolder to "/users/myusername"
>>> put the folders into buffer
>>>
>>> I get back the correct list of folders, including one called
>>> "Desktop"
>>>
>>> I then try this:
>>>
>>> set the defaultfolder to "/users/myusername/Desktop"
>>> put the folders into buffer
>>>
>>> It returns the list of folders inside the cgi-bin directory. I
>>> tried changing "Desktop" to "Library" and got the same cgi-bin
>>> results.
>>>
>>> What's going on here?
>>>
>>> Thanks.
>>> Richard
>>>
>>>
>>> On Apr 2, 2008, at 8:26 AM, jbv wrote:
>>>
>>>>
>>>>
>>>> Richard,
>>>>
>>>> I have done that dozens of times, mostly on linux & windoze
>>>> servers...
>>>> So I'm not sure about OSX settings, but one thing I'd check first
>>>> is the
>>>> spelling of the folder's name... it might sound silly, but many
>>>> times
>>>> I have been blocked by spelling problems (or case sensitive
>>>> spelling)
>>>> when referring to folders & files...
>>>>
>>>> JB
>>>>
>>>>> I don't understand what is happening with this. This is on a
>>>>> MacMini
>>>>> server.
>>>>>
>>>>> I ask a Rev cgi script the following:
>>>>>
>>>>> put (there is a folder "/users/myusername/desktop") into
>>>>> buffer
>>>>>
>>>>> It returns TRUE.
>>>>>
>>>>> I then ask the following:
>>>>>
>>>>> put (there is a folder "/users/myusername/desktop/foldername")
>>>>> into buffer
>>>>>
>>>>> (foldername = any folder sitting on the desktop)
>>>>>
>>>>> It returns FALSE.
>>>>>
>>>>> Does this have something to do with some setting I need to
>>>>> change on
>>>>> the server?... or am I asking for information which is not
>>>>> accessible
>>>>> from a Rev cgi script located inside the CGI-Executables folder?
>>>>>
>>>>> What I ultimately want to do is have the Rev cgi script delete a
>>>>> folder sitting elsewhere on the server. Is there a reason this
>>>>> can't
>>>>> be done?
>>>>>
>>>>> Thanks.
>>>>> Richard Miller
>>>>> _______________________________________________
>>>>> use-revolution mailing list
>>>>> use-revolution at lists.runrev.com
>>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>>> subscription preferences:
>>>>
>>>> _______________________________________________
>>>> use-revolution mailing list
>>>> use-revolution at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
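The POSIX behaviour described in the reply above (a folder set to 777 does not pass its mode on to folders later created inside it) can be reproduced with the following added example, which is not code from the thread. It assumes the creating process runs with the common default umask of 022, which the thread does not state; the folder and file names are hypothetical.

```python
import os
import shutil
import tempfile

def new_child_modes(parent_mode: int, umask: int) -> tuple[int, int]:
    """Create a folder and a file inside a parent set to parent_mode and
    return their permission bits as (folder, file) under the given umask."""
    parent = tempfile.mkdtemp(prefix="posix-inherit-")  # constructed scratch dir
    os.chmod(parent, parent_mode)
    old_umask = os.umask(umask)
    try:
        child_dir = os.path.join(parent, "uploaded_folder")     # hypothetical name
        child_file = os.path.join(parent, "uploaded_file.txt")  # hypothetical name
        os.mkdir(child_dir, 0o777)  # the creator requests full access ...
        fd = os.open(child_file, os.O_CREAT | os.O_WRONLY, 0o666)
        os.close(fd)
        # ... but the kernel clears the umask bits; the parent's mode plays no part.
        return (os.stat(child_dir).st_mode & 0o777,
                os.stat(child_file).st_mode & 0o777)
    finally:
        os.umask(old_umask)
        os.chmod(parent, 0o700)
        shutil.rmtree(parent)

def can_delete_inside(dir_mode: int, same_group: bool) -> bool:
    """A non-owner may remove entries inside a directory only with both
    write and search (w+x) permission on it for their class."""
    bits = (dir_mode >> 3) if same_group else dir_mode
    return bits & 0o3 == 0o3

if __name__ == "__main__":
    for mask in (0o022, 0o002):
        folder, file_ = new_child_modes(0o777, mask)
        print(f"umask {mask:03o}: folder {folder:03o}, file {file_:03o}, "
              f"group may delete inside: {can_delete_inside(folder, True)}, "
              f"everyone may delete inside: {can_delete_inside(folder, False)}")
```

With umask 002 and a group shared by the uploading account and the CGI account, new folders come out group-writable without being opened to every user, which is a narrower grant than setting each folder to 777.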